Fix memory leaks when returning Neo4j strings

johannessen · johannessen · commit ba6da1a6f484 · 2024-10-23T00:15:34.000+02:00
When creating new Perl values through API functions like newSVpv() or hv_store(), const char* values are internally copied into memory that is managed by Perl itself. Manually allocating a buffer isn't necessary. Our neo4j_string_to_alloc_str() function does allocate a buffer and never frees it, causing a leak. neo4j_ustring_value() should be used instead. However, neo4j_ustring_value() currently doesn't return a valid pointer for empty strings, so we need to special-case that. (majensen/libneo4j-omni#10) When returning SVs from an XSUB, assigning them to a Perl variable will increment their ref count, which causes a leak unless the SV on the stack is mortal. If the SV* typemap is used, they become mortal automatically when they are returned. However, when instead pushing SVs onto the value stack manually, the SVs need to be mortalised manually as well.
diff --git a/lib/Neo4j/Bolt/CTypeHandlers.xs b/lib/Neo4j/Bolt/CTypeHandlers.xs
@@ -46,16 +46,6 @@ HV* neo4j_map_to_HV( neo4j_value_t value );
 SV* neo4j_value_to_SV( neo4j_value_t value );
 
 long long neo4j_identity_value(neo4j_value_t value);
-char *neo4j_string_to_alloc_str(neo4j_value_t value);
-
-char *neo4j_string_to_alloc_str(neo4j_value_t value) {
-  assert(neo4j_type(value) == NEO4J_STRING);
-  char *s;
-  int nlength;
-  nlength = (int) neo4j_string_length(value);
-  Newx(s,nlength+1,char);
-  return neo4j_string_value(value,s,(size_t) nlength+1);
-}
 
 neo4j_value_t SViv_to_neo4j_bool (SV *sv) {
   return neo4j_bool( (bool) SvIV(sv) );
@@ -309,7 +299,7 @@ SV* neo4j_string_to_SVpv( neo4j_value_t value ) {
   STRLEN len;
   SV* pv;
   len = neo4j_string_length(value);
-  pv = newSVpvn(neo4j_string_to_alloc_str(value), len);
+  pv = len ? newSVpvn(neo4j_ustring_value(value), len) : newSVpvs("");
   sv_utf8_decode(pv);
   return pv;
 }
@@ -365,18 +355,18 @@ AV* neo4j_list_to_AV( neo4j_value_t value ) {
 HV* neo4j_map_to_HV( neo4j_value_t value ) {
   int i,n;
   I32 klen;
-  char *ks;
+  const char *ks;
   const neo4j_map_entry_t *entry;
   HV *hv;
   SV *sv;
   hv = newHV();
   n = (int) neo4j_map_size(value);
   for (i=0;i<n;i++) {
     entry = neo4j_map_getentry(value,i);
-    ks = neo4j_string_to_alloc_str(entry->key);
+    klen = neo4j_string_length(entry->key);
+    ks = klen ? neo4j_ustring_value(entry->key) : "";
     sv = neo4j_value_to_SV(entry->value);
     SvREFCNT_inc(sv);
-    klen = neo4j_string_length(entry->key);
     if (! is_ascii_string((U8 *)ks, (STRLEN)klen)) {
       // treat key as utf8 (as opposed to single-byte)
       klen = -klen;
diff --git a/lib/Neo4j/Bolt/ResultStream.xs b/lib/Neo4j/Bolt/ResultStream.xs
@@ -47,7 +47,7 @@ void fetch_next_ (SV *rs_ref) {
   for (i=0; i<n; i++) {
     value = neo4j_result_field(result, i);
     perl_value = neo4j_value_to_SV(value);
-    Inline_Stack_Push( perl_value );
+    Inline_Stack_Push( sv_2mortal(perl_value) );
   }
   Inline_Stack_Done;
   return;

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ void fetch_next_ (SV *rs_ref) {`
`47`	`47`	`for (i=0; i<n; i++) {`
`48`	`48`	`value = neo4j_result_field(result, i);`
`49`	`49`	`perl_value = neo4j_value_to_SV(value);`
`50`		`- Inline_Stack_Push( perl_value );`
	`50`	`+ Inline_Stack_Push( sv_2mortal(perl_value) );`
`51`	`51`	`}`
`52`	`52`	`Inline_Stack_Done;`
`53`	`53`	`return;`